How Advances in Storage Technology Create a New Security Challenge

October 25, 2006

One of the more fascinating toys or objects in a grade school science class is magnets. Give an adult two magnets, and the childhood fascination takes over. Invariably, that person will start putting the magnets together in attempts to make them join and repel. Many people have forgotten the exact principle of why two magnets will attract or repel one another, but most probably remember the experiment where iron ore on a piece of paper is made to align one way or another. The manner in which the ore aligned itself can best be described as longitudinal, that is, the pieces were lying down. Carry this principle forward  and on a much smaller scale  and you have the means by which magnetic disks (hard drives) store data.

Even on a comparatively microscopic level, each piece or bit of information requires space on a track (at a more granular level, but still true with respect to a disk as a whole). Looked at another way, a track has a fixed limit for the amount of information it can contain because of the way the bits of information are aligned. Another experiment typically performed with the iron ore is making the fragments stand on end while passing a magnet over them. Instead of lying down and recording, so to speak, information about the magnetic field, imagine storing the same information by making the bits stand on end.

Making the bits stand on end is known as perpendicular magnetic recording (PMR) technology. According to Fujitsu, its MHW2160BH model boasts the industry's highest storage capacity for a 5,400 rpm HDD. In case the significance of what a 2.5 HDD is escapes you, chances are very good that the hard drive in your laptop or notebook computer is a 2.5 HDD. Disk drives in the 40 to 80GB range are fairly common in OEM/out of the box laptops, so having a hard drive with two to four times as much capacity  all the while using the same amount of space as before  is a significant improvement.

Even more appealing is the projected increase in areal density (number of bits per inch times the number of tracks per inch, or number of bits per square inch of storage surface) from todays 100 billion bits/in2 (using longitudinal magnetic recording, or LMR) to around 500 billion bits/in2 by 2010. For a perspective, consider that IBMs RAMAC storage device (circa 1956) had a density of around 2,000 bits per square inch. Achieving the 500 billion mark is an increase of 250 million times what was available 50 years ago. As a comparison to other advances in computing technology, this rate of increase far exceeds rates predicted by Moores Law.

PMR technology in of itself is not new (considered since the late 1970s), but being able to apply it has been problematic because of physics and the current state of design engineering. Engineers at Fujitsu have overcome four major barriers in being able to apply PMR in a practical setting. The four areas are deterioration of the bit error rate (BER) due to noise from the soft magnetic underlayer (SUL), the wide area data erase phenomena (WATER), the high media production cost of thick SULs, and how to obtain a low BER at a high recording density. The advance in areal density (and making new products cost-attractive for consumers) is indicated by the top right region in Figure 1.

To some degree, LMR and PMR are the same. Read operations essentially apply the same technique to obtain information. The major difference is in how data is written or stored to disk. Figure 2 illustrates the similarities and differences between LMR and PMR.

Given that PMR is not new but that advances in design engineering are, it would stand to reason that Fujitsu is not the only HDD manufacturer to be in the race to product, market and sell PMR HDDs. Western Digital announced in July 2006 that it is in volume production of an 80GB PMR-based HDD. Hitachi has already produced HDDs based on PMR. The race is on to push the storage envelope beyond its current limits. It is estimated that LMR storage capacity will achieve its maximum areal density within one or two more generations (generation meaning about one year). What is the limiting factor driving the push to PMR drives?

The limiting factor is an effect called superparamagnetism (the magnetic grains lose their orientation due to random thermal vibrations). This effect will eventually limit the areal density of PMR-based drives, but the limit is unknown at this time. Previous estimates of the top density for LMR drives have been far exceeded due to clever design and ingenuity, and perhaps the same will hold true for PMR drives. In any event, PMR-based drives are currently on the market (and at reasonable prices). The breakthrough news of late is of whom is releasing PMR drives when, and we can expect to hear about areal density amounts being increased over the coming years.

How does this relate to a database? Earlier in 2006, a Department of Veterans Affairs worker took home a laptop, which was subsequently stolen from the employees house. Data about millions of veterans was contained on the hard drive. The hard drive was probably in the 40-80GB range in size. Imagine the implications - under similar circumstances where a new PMR hard drive with 160GB storage capacity were in use  if hundreds of millions of records (record = someones personal data) had been compromised. Out of curiosity, what is the take a laptop home to catch up on some work policy at the Social Security Administration or at the Department of Treasury (Internal Revenue Service)?

In Closing

The underlying point of this article relates to how you should secure your database (Oracle or otherwise). Its not enough anymore to simply restrict access. A portable (and removable) media storage device presents a security challenge organizations must address. How many people in your office carry a multi-gigabyte USB/flash drive around on a key chain? What about MP3 players? In case you didnt realize it, MP3 players can also store any type of file because after all, they are nothing more than miniature hard drives. The keychain/MP3 player security threat is quite real. As our ability to store more and more data increases, so does our responsibility to protect it.